Cybersecurity researchers have uncovered a novel attack technique that abused indirect prompt injection to sidestep safeguards in Google Gemini, turning Google Calendar into an unexpected data-leak channel. According to findings shared by Miggo Security, attackers were able to sneak a…
Security researchers have uncovered a new tactic used by the JavaScript-based malware loader known as GootLoader, showing how threat actors are abusing broken ZIP archives to evade analysis and security tools. According to a recent report from Expel, attackers are…
OpenAI has announced plans to introduce advertising in ChatGPT for logged-in adult users in the United States. The rollout will apply to both the free version and the low-cost ChatGPT Go tier, with testing expected to begin in the coming…
Ukrainian and German investigators have uncovered the identities of two Ukrainian nationals believed to be involved with Black Basta, a ransomware-as-a-service operation linked to Russia. Authorities also announced that the group’s suspected leader, 35-year-old Russian citizen Oleg Evgenievich Nefedov, has…
Node.js maintainers have issued emergency updates to address a serious vulnerability that can cause production applications to crash unexpectedly, opening the door to denial-of-service (DoS) attacks across much of the Node.js ecosystem. According to the Node.js security team, the issue…
Microsoft has released its first Patch Tuesday updates for 2026, rolling out fixes for 114 security vulnerabilities across Windows and related products. One of the flaws, the company confirmed, is already being exploited in real-world attacks. Of the total issues…
A new 2026 web security study has found that third-party applications are accessing sensitive user data on a majority of major websites without a clear business reason. After analyzing 4,700 high-traffic sites, researchers discovered that 64% of third-party tools now…
Fortinet has released security updates to address a high-severity flaw in its FortiSIEM platform that could allow unauthenticated attackers to remotely execute code on affected systems. The vulnerability, tracked as CVE-2025-64155, carries a CVSS score of 9.4, placing it firmly…
Security researchers have uncovered an active malware campaign that is abusing a DLL side-loading weakness in a legitimate Windows executable linked to the open-source c-ares library. The technique allows attackers to quietly bypass security defenses and install a broad range…
AI agents have moved far beyond simple productivity tools. What started as personal assistants for coding, chat, or task automation are now shared, organization-wide systems embedded deep inside daily operations. Across security, IT, engineering, and business teams, these agents increasingly…
Security researchers at Lumen Technologies’ Black Lotus Labs say they have taken action against a large command-and-control infrastructure tied to the AISURU and Kimwolf botnets. Since early October 2025, the team has null-routed traffic linked to more than 550 C2…
Security researchers have identified a new malware operation, tracked as SHADOW#REACTOR, that uses a carefully layered infection process to install Remcos RAT, a commercially available remote access trojan widely abused by cybercriminals. The campaign relies on a stealthy, multi-step execution…
A serious security vulnerability has been identified in ServiceNow that affects its AI and virtual agent components, raising concerns about how agentic AI systems can be abused inside enterprise environments. The issue impacts the following ServiceNow components and versions: The…
Threat Intelligence / Identity Security The security world often fixates on what’s new. AI-driven attacks. Post-quantum cryptography. Zero-trust frameworks. Yet when you step back and look at what’s actually working for attackers in 2025, the picture is far less futuristic.…
Artificial Intelligence / Automation Security AI systems have moved far beyond assisting developers with suggestions. Today’s AI agents can write code, execute it, test applications, and deploy updates with little to no human involvement. Platforms such as Copilot, Claude Code,…
Security researchers have uncovered a harmful Google Chrome extension that targets users of MEXC, a centralized cryptocurrency exchange operating in more than 170 countries. The extension pretends to be a trading automation tool but is designed to quietly steal sensitive…
Cybersecurity researchers have uncovered a large-scale web skimming operation that has been running quietly since January 2022. The campaign targets online payment environments connected to major card networks, including American Express, Diners Club, Discover, JCB, Mastercard, and UnionPay. According to…
Cybersecurity is no longer just an IT issue. It is now a boardroom priority, reshaping how businesses plan growth, manage risk, and protect revenue. As companies push deeper into cloud services, remote work, AI tools, and online transactions, cyber threats…
Anthropic has rolled out a new set of health-focused capabilities for its Claude chatbot, giving users tools to better interpret and manage their personal medical information. The update, introduced under a program called Claude for Healthcare, allows U.S.-based subscribers on…
A renewed surge of attacks linked to the GoBruteforcer botnet is actively targeting servers used by cryptocurrency and blockchain projects. The campaign focuses on hijacking poorly secured systems and turning them into part of a distributed botnet used to brute-force…
